Apple released a system update last Wednesday that, among other things, fixes the serious security bug in Safari. In addition to the bug in Safari, the update also fixes 19 other security vulnerabilities present in Mac OS X.
The security problem in Mac OS X was poor checking of files downloaded from a website. When a specially modified compressed file was downloaded, it was possible for an attacker to run code on the system undetected. Not only did this problem occur in the Safari web browser, but also in Apple’s email client. Another ‘problem’ that is fixed with this update is a change in the instant messaging client iChat. After installing the update, this program will warn you when the user receives files from another user. The notification alerts the user that the received file contains a possible virus, with which Apple responds to the Leap virus that Sophos warned about. The update also fixes four other security vulnerabilities in Safari that could allow code to run when certain websites are visited. The update also fixes security vulnerabilities in PHP, Apple’s Directory Service and FileVault. Normally, Mac OS X users receive the update automatically through the operating system’s update facility, but it’s too to download from Apple’s site.